Snort mailing list archives

RE: Re: [Snort-devel] IDS vs IPS


From: "Georges J. Jahchan, Eng." <Snort-Users () Compucenter org>
Date: Fri, 29 Aug 2003 13:13:34 +0300

IPS does not have to be network-based. In fact it is most effective when
host-based, and coupled with other forms of protection from network threats
(firewalls, NIDS, AV, application layer content filtering, etc.).

In a SOHO environment, some personal firewalls (despite their quirks and
sometimes false sense of security) are examples of limited HIPS. Kerio is my
personal favorite and I am sure everyone has his personal favorite based on
features/needs.

In an enterprise environment: CA eTrust Access Control, Cisco Security Agent
(ex. Okena StormWatch), Entercept and some others come to mind (with varying
degrees of protection, means of providing it, and sheer complexity). They
all share a very steep learning curve and require quite a bit of tinkering
and trial & error just to set them up, let alone configure them effectively.

Some of these products (when properly configured) can protect the host and
data thereon from 'root' logged on the console. They are not a substitute
for proper perimeter defenses, but provide an additional layer of host
protection that network-based solutions cannot touch.



